18 providers · 1 signed envelope · 1 normalized caller

The integration fabric for vibe-coded stacks, hardened for production.

NexusBridge unifies 18 builders, runtimes, and hosts behind one signed webhook envelope and one normalized outbound caller. Encrypted credentials, row-level isolation, deterministic execution, scheduled triggers, full audit logs, and a flow engine you can run on Cloudflare Workers or your own infrastructure.

AES-256-GCM at rest · HMAC-SHA256 in transit · Postgres RLS · Self-host friendly · No credit card
$ TS=$(date +%s)
$ BODY='{"email":"ceo@acme.io","plan":"enterprise"}'
$ SIG=$(printf "%s.%s" "$TS" "$BODY" \
    | openssl dgst -sha256 -hmac "$NEXUS_LOVABLE_WEBHOOK_SECRET" \
    | awk '{print $2}')

$ curl -sS -X POST \
    https://nexusbridge.app/api/public/hooks/universal/lovable/$FLOW \
    -H "content-type: application/json" \
    -H "x-nexus-timestamp: $TS" \
    -H "x-nexus-signature: sha256=$SIG" \
    -d "$BODY"

{ "run_id":   "f2a8c1…",
  "status":   "success",
  "duration_ms": 412,
  "provider": "lovable",
  "steps": [
    { "type": "bubble",         "ms": 118, "attempts": 1 },
    { "type": "provider_relay", "ms": 244, "attempts": 1, "target": "replit" },
    { "type": "provider_relay", "ms":  46, "attempts": 1, "target": "netlify" }
  ] }

  • 18 connected providers (no-code, AI, runtime, host)
  • < 90 ms median outbound latency (us-east-1 → vercel/iad1)
  • 99.98% 30-day execution success (non-user-error)
  • 0 plaintext secrets at rest (AES-256-GCM, key off-bundle)

PLATFORM

One control plane for every backend you ship from a prompt

Universal connectors

Bearer, header API-key, Basic, query-string, deploy hooks, signed callbacks — one config shape, every provider.

Visual flow builder

Drag steps, map fields with mustache paths, branch on condition, transform JSON inline, test any step in isolation.

Deterministic engine

Sequential executor, exponential backoff, per-step error policy, idempotent retries, per-run trace.

Full observability

Every run is a row. Inputs, per-step outputs, attempts, durations, status — searchable, exportable, retryable.

Scheduled triggers

pg_cron pings an internal scheduler every minute. Run every N minutes, hourly, daily — with manual override.

Zero-trust webhooks

HMAC-SHA256 of <ts>.<body>, timing-safe compare, ±5 min replay window, per-provider secret rotation.

Provider relay

A single step type calls any connection. Swap Vercel for Netlify by changing one field — mappings keep working.

Deploy anywhere

Runs on Cloudflare Workers out of the box. Self-host on your own Postgres + edge runtime in under an hour.

PROVIDERS

18 first-class peers, grouped by purpose

NO-CODE BUILDERS
  • Bubble.io (bubble)
  • Softr (softr)
  • Base44 (base44)
AI APP BUILDERS
  • Lovable.dev (lovable)
  • Emergent.sh (emergent)
  • Bolt.new (bolt)
  • Cursor (cursor)
  • Windsurf (windsurf)
EDGE RUNTIMES
  • Replit (replit)
  • Cloudflare (cloudflare)
  • Supabase (supabase)
HOSTING & PAAS
  • Vercel (vercel)
  • Netlify (netlify)
  • Render (render)
  • Railway (railway)
  • DigitalOcean (digitalocean)
  • Coolify (coolify)
  • Dokploy (dokploy)

   Provider        Signature              Auth model
   ──────────────  ─────────────────────  ───────────────────────────────
   Bubble.io       HMAC-SHA256            Bearer (Data API + Workflow)
   Replit          HMAC-SHA256            Bearer / Header / Basic / Query
   Lovable.dev     HMAC-SHA256            Bearer (project-scoped)
   Emergent.sh     HMAC-SHA256            Agent API key
   Base44          HMAC-SHA256            Bearer
   Vercel          HMAC-SHA256 / SHA1     Deploy hook + Bearer
   Netlify         HMAC-SHA256            Build hook + PAT
   Cloudflare      HMAC-SHA256            Bearer (Workers / Pages)
   Render          HMAC-SHA256 (ts)       Bearer (Render API)
   Railway         HMAC-SHA256 (ts)       Bearer (project token)
   DigitalOcean    HMAC-SHA256 (ts)       Bearer (PAT, app spec)
   Coolify         HMAC-SHA256 (ts)       Bearer (instance API)
   Dokploy         HMAC-SHA256 (ts)       Bearer (instance API)
   Bolt.new        HMAC-SHA256 (ts)       Bearer
   Cursor          HMAC-SHA256 (ts)       Bearer
   Windsurf        HMAC-SHA256 (ts)       Bearer
   Softr           HMAC-SHA256            Header API key
   Supabase        HMAC-SHA256 (ts)       Bearer (service-role / anon)

Universal inbound: POST /api/public/hooks/universal/<provider>/<flow_id> · per-provider legacy routes remain for native signature schemes.

ARCHITECTURE

One hub, two transports, zero plaintext on the wire


                  ┌─────────────────────────────────────────┐
                  │            Inbound webhook              │
                  │  POST /api/public/hooks/universal/...   │
                  │  x-nexus-signature  x-nexus-timestamp   │
                  └────────────────────┬────────────────────┘
                                       ▼
   ┌─────────────────────────────────────────────────────────────────┐
   │                          NexusBridge hub                        │
   │  ┌────────────┐  ┌────────────┐  ┌────────────┐  ┌───────────┐  │
   │  │  Verify    │─▶│  Load flow │─▶│  Executor  │─▶│  Logger   │  │
   │  │  HMAC + ts │  │  + creds   │  │  + retries │  │ flow_runs │  │
   │  └────────────┘  └─────┬──────┘  └─────┬──────┘  └─────┬─────┘  │
   │       ▲                │                │               │       │
   │       │           ┌────▼──────┐    ┌────▼─────┐    ┌────▼─────┐ │
   │       │           │ AES-256   │    │ provider │    │ Postgres │ │
   │       │           │   GCM     │    │  relay   │    │  + RLS   │ │
   │       │           └───────────┘    └────┬─────┘    └──────────┘ │
   │       │                                 │                       │
   │  ┌────┴────┐                            ▼                       │
   │  │ pg_cron │                ┌────────────────────────┐          │
   │  │ ticker  │                │ Outbound: 18 providers │          │
   │  └─────────┘                │  Bearer · Header · ... │          │
   │                             └────────────────────────┘          │
   └─────────────────────────────────────────────────────────────────┘

The hub is a stateless TanStack Start app. Every inbound request is verified against a per-provider secret before any database read. The executor loads the flow definition, decrypts only the credentials the run needs, and runs steps sequentially with deterministic retry semantics.

Outbound calls go through a single callProvider() helper that normalizes Bearer, header, Basic, and query-string auth, then maps response bodies into the run context so the next step can reference them.

  • Credentials never leave the server. Browser sees masked previews only.
  • ±5 min replay window on every inbound webhook.
  • pg_cron hits an internal scheduler endpoint every minute.
  • Every run writes input, per-step output, retries, and duration to flow_runs.
  • provider_relay step type makes any connection callable from any flow.
LIFECYCLE

Connect → Map → Trigger → Observe

01 · Connect

Paste a token. We test it, encrypt with AES-256-GCM, and store ciphertext only.

POST /connections
{ "provider": "lovable",
  "base_url": "https://project--abc.lovable.app",
  "auth": { "type": "bearer", "token": "<paste once>" } }

02 · Map

Pipe any field from any previous step using mustache paths. No code, no glue services.

{
  "user_email":  "{{trigger.email}}",
  "score":       "{{steps.step_2.body.engagement}}",
  "fingerprint": "{{trigger._lovable.delivery_id}}"
}

03 · Trigger

Manual run, pg_cron schedule, or a signed webhook from any provider.

curl -X POST $HUB/api/public/hooks/universal/vercel/$FLOW \
  -H "x-nexus-timestamp: $(date +%s)" \
  -H "x-nexus-signature: sha256=$SIG" \
  -d '{"event":"deployment.succeeded"}'

04 · Observe

Expand any run to see the JSON in, the JSON out, retries, and per-step duration.

{ "run_id": "8c3…",
  "status": "success",
  "duration_ms": 412,
  "steps": [
    { "type": "bubble",         "ms": 118, "attempts": 1 },
    { "type": "provider_relay", "ms": 244, "attempts": 1 }
  ] }
FLOW ENGINE

Deterministic executor, no surprises

  • Sequential executor. Condition steps gate the next step (stop_success / stop_failure / skip_next).
  • Per-step error policy: stop, continue, or retry with exponential backoff (500 ms × 2ⁿ).
  • provider_relay calls any connection — Bubble → Lovable → Netlify in three rows.
  • Mustache templating across the run context: {{trigger.x}}, {{steps.step_N.body.y}}.
  • Test any step in isolation with a sample payload before saving.
  • Optional delegation to a self-hosted n8n instance per flow (n8n Mode).
  • 6 step types
  • 5 max retries
  • 60 s timeout / call
  • 500 ms backoff base
  • ±300 s replay window
  • 60 s schedule tick

{
  "name": "Lovable signup → enrich → fan-out",
  "steps": [
    { "type": "bubble", "config": {
        "connection_id": "bub_…", "data_type": "user",
        "operation": "search",
        "mappings": [{ "target": "email", "expression": "{{trigger.email}}" }] }},
    { "type": "provider_relay", "config": {
        "connection_id": "ep_replit_ai",
        "method": "POST", "path": "/enrich",
        "use_mappings": true,
        "mappings": [
          { "target": "email",       "expression": "{{trigger.email}}" },
          { "target": "bubble_user", "expression": "{{steps.step_1.body.results.0}}" } ],
        "error_policy": { "on_error": "retry", "retries": 3 } }},
    { "type": "condition", "config": {
        "expression": "{{steps.step_2.body.score}}",
        "operator":   ">",
        "value":      "0.8",
        "true_action":  "next",
        "false_action": "stop_success" }},
    { "type": "provider_relay", "config": {
        "connection_id": "ep_netlify_notify",
        "method": "POST", "path": "/build_hooks/abc",
        "body": "{ \"trigger_title\": \"score={{steps.step_2.body.score}}\" }" }}
  ]
}
SECURITY

Encrypted at rest, signed in transit, scoped by RLS

AES-256-GCM at rest

All secrets pass through crypto.server.ts. Wire format: iv ‖ tag ‖ ciphertext. Key lives in NEXUS_ENCRYPTION_KEY — never bundled, never logged, never sent to the browser.

Signed webhooks

Every inbound request carries x-nexus-signature + x-nexus-timestamp. We HMAC-SHA256 <ts>.<rawBody>, timing-safe compare, reject anything outside ±5 min.

Row-Level Security

flows, flow_runs, bubble_connections, and replit_endpoints carry owner-scoped policies. A compromised token exposes only its owner's rows, never another tenant's data.

Secret rotation

rotate*Secret server functions re-encrypt the new value and overwrite ciphertext atomically. Old plaintext is unrecoverable from that point forward.

Append-only audit log

Every connection create, update, rotation, flow edit, and manual run is written to an immutable audit trail keyed by user and workspace.

Least-privilege keys

The Worker runs with a publishable Postgres key. The service-role key is loaded lazily inside server functions only when administrative work requires it.

GDPR: Aligned

Data export + delete server functions, EU-residency self-host option.

SOC 2 Type II: On roadmap

Controls mapped; observability and access reviews in place.

HIPAA: Self-host

BAA-eligible only when deployed in your own VPC with your own KMS.

OBSERVABILITY

Every byte of every run is a row

  • Searchable run log: full-text over input/output JSON, filterable by status, flow, provider, time range.
  • Built-in charts: runs/day, success-rate trend, slowest steps, retry density.
  • One-click retry on failed runs — re-executes with the original input payload.
  • Per-step trace: attempts, transport status, latency, mapping diff.
  • CSV / JSON export for compliance, BI, or back-pressure replay.
  • Dashboard widgets: 24h volume, p50/p95/p99 latency, error rate by provider.
SELECT
  provider,
  date_trunc('hour', started_at) AS bucket,
  count(*)                        AS runs,
  count(*) FILTER (WHERE status = 'success') AS ok,
  percentile_cont(0.50) WITHIN GROUP (ORDER BY duration_ms) AS p50,
  percentile_cont(0.95) WITHIN GROUP (ORDER BY duration_ms) AS p95,
  percentile_cont(0.99) WITHIN GROUP (ORDER BY duration_ms) AS p99
FROM flow_runs
WHERE owner_id = auth.uid()
  AND started_at > now() - interval '24 hours'
GROUP BY provider, bucket
ORDER BY bucket DESC;
DATA MODEL

Four tables, every relationship explicit


   bubble_connections        replit_endpoints           flow_templates
   ─────────────────         ─────────────────          ─────────────────
   id              uuid PK   id              uuid PK    id          uuid PK
   owner_id        uuid FK   owner_id        uuid FK    title       text
   workspace_url   text      provider        text       definition  jsonb
   data_api_token  bytea ▣   base_url        text       category    text
   workflow_token  bytea ▣   auth_payload    bytea ▣    is_public   bool
   created_at      timestz   created_at      timestz    created_at  timestz

                          flows
                          ─────────────────────────────────────
                          id                 uuid PK
                          owner_id           uuid FK
                          name               text
                          trigger_kind       enum  (manual|webhook|schedule)
                          execution_mode     enum  (nexus|n8n)
                          schedule_kind      enum  (every|hourly|daily)
                          next_run_at        timestz
                          steps              jsonb        ← step definitions
                          created_at         timestz
                                     │
                                     │ 1‥N
                                     ▼
                          flow_runs
                          ─────────────────────────────────────
                          id              uuid PK
                          flow_id         uuid FK
                          owner_id        uuid FK
                          trigger_source  enum  (manual|webhook|schedule)
                          status          enum  (pending|success|failed)
                          input           jsonb
                          output          jsonb        ← per-step output
                          duration_ms     int
                          started_at      timestz
                          finished_at     timestz

   ▣ = AES-256-GCM ciphertext (iv ‖ tag ‖ ct), key off-bundle
ENTERPRISE

Built for teams shipping in production

SSO & SCIM-ready

Google, GitHub, and OIDC providers today. SAML + SCIM provisioning on the enterprise plan.

Workspaces & roles

Per-workspace connections, flows, and audit log. Owner / admin / operator / viewer roles enforced via RLS.

Bring your own cloud

Self-host the hub on Cloudflare, Fly.io, or any Node-compatible edge. Point at your own Postgres + KMS.

SLA & dedicated support

99.95% uptime SLA, 1-hour response on Sev-1, named Slack channel, quarterly architecture reviews.

Custom providers

Need ClickUp, Linear, Snowflake, or an internal service? The connector schema is open — ship a new one in an afternoon.

Regional pinning

Pin executors and Postgres to us-east-1, eu-west-1, or ap-southeast-2. Webhook URLs stay stable across regions.

QUICKSTART

Trigger a flow from anything in one curl

# 1. Mint the signature
TS=$(date +%s)
BODY='{"email":"hello@example.com","plan":"pro"}'
SIG=$(printf "%s.%s" "$TS" "$BODY" | openssl dgst -sha256 -hmac "$NEXUS_LOVABLE_WEBHOOK_SECRET" -hex | awk '{print $2}')

# 2. POST to the universal endpoint — provider chosen by URL segment
curl -sS -X POST "https://nexusbridge.app/api/public/hooks/universal/lovable/$FLOW_ID" \
  -H "content-type: application/json" \
  -H "x-nexus-timestamp: $TS" \
  -H "x-nexus-signature: sha256=$SIG" \
  -d "$BODY"

# →  { "run_id": "…", "status": "success", "duration_ms": 412, "provider": "lovable" }

Same envelope for every provider — swap the URL segment and the secret. Per-provider legacy routes still accept native signature schemes for back-compat.

API SURFACE

The whole platform in 12 endpoints

   Method  Path                                            Purpose
   ──────  ──────────────────────────────────────────────  ───────────────────────────────────────
   POST    /api/public/hooks/universal/:provider/:flow_id  Signed inbound trigger (any provider)
   POST    /api/public/hooks/:provider                     Native per-provider webhook
   POST    /api/public/hooks/flow-scheduler                Internal pg_cron tick
   POST    /connections                                    Create encrypted connection
   POST    /connections/:id/test                           Round-trip credential test
   POST    /connections/:id/rotate                         Atomic secret rotation
   POST    /flows                                          Create flow definition
   POST    /flows/:id/run                                  Manual execution with input payload
   POST    /flows/:id/steps/:n/test                        Run a single step in isolation
   GET     /flow_runs?status=&flow_id=&q=                  Query run history with full-text search
   POST    /flow_runs/:id/retry                            Replay original input through the flow
   GET     /analytics/runs                                 Roll-up metrics for dashboards

PRICING

Free for solo builders, priced for production

Hobby

$0 / mo

For tinkering and small projects.

  • 3 active flows
  • 1,000 runs / month
  • All 18 providers
  • Manual + scheduled triggers
  • 7-day run history

Team (Popular)

$29 / mo

Per workspace · production-grade defaults.

  • Unlimited flows
  • 50,000 runs / month
  • Webhook triggers + signed envelope
  • 90-day run history + export
  • Email + Slack alerts
  • Up to 5 seats

Enterprise

Custom / mo

SSO, SCIM, BYO cloud, audit, SLA.

  • Unlimited runs
  • SAML SSO + SCIM provisioning
  • Self-host on your VPC
  • 99.95% uptime SLA
  • Named support, quarterly reviews
  • Custom provider connectors
CHANGELOG

Recent releases

v1.5 · Jun 2026
Supabase added as a first-class provider, bringing the total to 18. Direct Data API, Auth Admin, and Edge Function calls from any flow.

v1.4 · Jun 2026
Universal inbound webhook envelope. Bolt.new, Cursor, Windsurf, Softr added.

v1.3 · Jun 2026
Render, Railway, Cloudflare, Coolify, Dokploy, DigitalOcean App Platform connectors.

v1.2 · May 2026
Base44 connector + condition step type + transform step type.

v1.1 · May 2026
Vercel and Netlify with native signature schemes. pg_cron scheduler GA.

v1.0 · Apr 2026
Initial release: Bubble, Replit, Lovable, Emergent. AES-256-GCM, RLS, flow_runs.

FAQ

The questions developers actually ask

Where do secrets actually live?

In Postgres, AES-256-GCM ciphertext only. The 64-char NEXUS_ENCRYPTION_KEY is a server-side env var. The browser receives masked previews — never plaintext.

What happens when a step fails?

The step's error_policy decides. retry uses exponential backoff (500 ms × 2ⁿ) only on 5xx/transport errors. continue writes { error } into the step's slot and proceeds. stop marks the run failed.
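A runnable model of that policy, added here (not NexusBridge's executor) and covering the stop / continue / retry bullets of the flow engine section as well: only 5xx and transport errors are retried, retries are capped at 5, and the 500 ms × 2ⁿ delays are returned rather than slept so the run is instant. The step shape, the call function, and n counting from 0 are assumptions.

```javascript
// Added example modelling the page's per-step error policy: stop / continue / retry with
// 500 ms × 2^n backoff, retries only on 5xx or transport errors, at most 5 retries.
// Not NexusBridge's executor. Assumed: n counts from 0 (first wait 500 ms); `call` returns
// { status, body } or { transportError: true }; delays are returned, not slept.
const BACKOFF_BASE_MS = 500;
const MAX_RETRIES = 5;

function backoffMs(n) {
  return BACKOFF_BASE_MS * 2 ** n; // 500, 1000, 2000, 4000, 8000
}

// 4xx means the request itself is wrong; repeating it would only burn the retry budget.
function isRetryable(result) {
  return result.transportError === true || (result.status >= 500 && result.status <= 599);
}

function isSuccess(result) {
  return !result.transportError && result.status < 400;
}

// Runs steps sequentially; returns { status, steps } shaped like a flow_runs trace row.
function runFlow(steps, call) {
  const trace = [];
  for (const [i, step] of steps.entries()) {
    const policy = step.error_policy || { on_error: "stop" };
    const budget = policy.on_error === "retry" ? Math.min(policy.retries ?? 0, MAX_RETRIES) : 0;
    const delays = [];
    let result;
    for (let attempt = 0; ; attempt++) {
      try { result = call(step, attempt); } catch (e) { result = { transportError: true, error: String(e) }; }
      if (isSuccess(result) || attempt >= budget || !isRetryable(result)) break;
      delays.push(backoffMs(attempt)); // wait before attempt + 1
    }
    const entry = { type: step.type, attempts: delays.length + 1, delays_ms: delays };
    if (isSuccess(result)) { trace.push({ ...entry, body: result.body }); continue; }
    // Failure after exhausting the policy: { error } goes into the step's slot either way.
    trace.push({ ...entry, body: { error: result.status ?? result.error } });
    if (policy.on_error === "continue") continue; // later steps still run
    return { status: "failed", failed_step: i + 1, steps: trace }; // "stop", or retries exhausted
  }
  return { status: "success", steps: trace };
}

// Constructed scenario: step 1 gets 503 twice then 200 (retry), step 2 gets 404 (continue),
// step 3 succeeds. Expected: run succeeds, step 1 waited 500 then 1000 ms, step 2 holds { error }.
function demo() {
  const steps = [
    { type: "provider_relay", error_policy: { on_error: "retry", retries: 3 } },
    { type: "provider_relay", error_policy: { on_error: "continue" } },
    { type: "bubble" },
  ];
  const call = (step, attempt) => {
    if (step === steps[0]) return attempt < 2 ? { status: 503 } : { status: 200, body: { score: 0.9 } };
    if (step === steps[1]) return { status: 404 };
    return { status: 200, body: { ok: true } };
  };
  return runFlow(steps, call);
}
```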

Can I self-host?

Yes. The hub is a TanStack Start app on Cloudflare Workers + a Postgres database. Flip execution_mode per flow to delegate runs to your own n8n instance while keeping credentials, schedules, and logs in NexusBridge.

How are schedules executed?

pg_cron calls an internal scheduler route every minute. It selects flows whose next_run_at <= now(), runs them, and writes the next tick back.

What about rate limits / timeouts?

Each outbound call has a 60-second timeout. The engine is sequential — slow steps don't starve fast ones because there's only one in flight per run. Bursty inbound traffic is absorbed by Workers' standard concurrency model.

How do I rotate a secret?

rotate*Secret re-encrypts the new value and overwrites the previous ciphertext atomically. Old plaintext is unrecoverable from that point.

Is there a way to test before saving?

Yes. Every step has a "Test this step" button that runs the step against a sample payload using the real credentials — no flow_run row is written.

Do you support custom providers?

On Team and Enterprise. The connector schema is open: provider id, auth model, signature scheme, base URL. Add a new tab to the Connections UI and ship.

Ship the integration layer you keep meaning to build.

Connect a provider, draw a flow, paste a curl. Be in production by lunch.